rsa implementation question
mwilson at the-wire.com
Mon Aug 16 20:04:17 CEST 2004
In article <mailman.1517.1092244848.5135.python-list at python.org>,
Heiko Wundram <heikowu at ceosg.de> wrote:
>Am Mittwoch, 11. August 2004 10:21 schrieb Bryan Olson:
>> I agree with about half of Heiko Wundram's response.
>Well, with what don't you agree? ;)
>Anyway, I've not read anywhere that for signing a message it is discredited to
>use RSA decrypt with private key, encrypt with public key.
I believe there's a supplied-plaintext attack. Your enemy can use
your public key to compute a special text, and ask you to sign it.
The effect of the computed text is that your enemy can then compute
your secret key from the signature. Hashing beforehand makes is almost
impossible to fall into this trap.
More information about the Python-list